Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b7d2d33f-dd78-4e1e-af2a-d79c01c8402b.roa
File:                     b7d2d33f-dd78-4e1e-af2a-d79c01c8402b.roa (raw, json)
Hash identifier:          spDyN2w7flxLPO6IqOgtQonqKgGCINPf6kINiuZJxRM=
Subject key identifier:   EF:F9:44:BB:19:9D:6B:5A:A5:22:58:08:04:3D:2A:73:BA:0A:02:71
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       56CED17DBB01A2EC4F19BE2ACCAD3C8EB08DCC7B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b7d2d33f-dd78-4e1e-af2a-d79c01c8402b.roa
Signing time:             Mon 27 Jan 2025 00:00:00 +0000
ROA not before:           Mon 27 Jan 2025 00:00:00 +0000
ROA not after:            Mon 03 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        50.18.32.0/21 maxlen: 21
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:ce:d1:7d:bb:01:a2:ec:4f:19:be:2a:cc:ad:3c:8e:b0:8d:cc:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 27 00:00:00 2025 GMT
            Not After : Mar  3 23:59:59 2025 GMT
        Subject: serialNumber=36950da14e95242357f78299c428cdab72014f35e5dc489008f23eb6cf11d29f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:ad:d2:59:a4:74:11:ac:97:3b:b2:6a:46:ed:
                    52:8d:aa:ff:c5:37:1f:5c:ff:69:7b:ce:f7:f4:31:
                    38:d6:19:2e:88:ec:a9:d3:92:9c:46:51:05:4f:16:
                    a3:43:15:0a:25:82:70:7f:96:a6:e1:77:a8:22:1f:
                    b1:4a:ae:e5:92:25:53:11:58:0f:7d:ea:62:ae:10:
                    c7:6d:39:59:f5:63:95:70:77:7b:85:6c:9b:b3:c8:
                    b4:36:d9:5f:32:20:5f:a5:5e:1c:ea:b7:62:df:be:
                    bf:c0:9c:f3:22:cd:80:a0:94:6e:dd:49:f4:40:1f:
                    dd:75:b9:88:1b:92:f4:9f:17:d9:7e:ab:f1:ae:5e:
                    cf:52:0d:5d:7c:25:6e:1c:96:57:91:00:f3:6b:38:
                    1e:61:fa:63:06:c8:ec:64:44:a5:b5:73:59:6b:ab:
                    98:cd:cb:bd:f6:a4:4e:db:32:c4:cd:1e:31:1c:4c:
                    2b:6b:64:c0:e2:de:f5:c3:90:79:38:66:25:bc:43:
                    86:b1:14:ba:d6:c1:c6:5b:ff:02:67:a5:d7:7d:96:
                    29:b3:c2:eb:88:a5:c6:8c:ce:27:de:81:78:f5:a7:
                    92:6e:0f:93:0c:fe:1f:1c:92:ee:42:e6:9e:90:a4:
                    d4:10:87:75:1b:e5:d2:6a:6f:98:f0:af:02:80:7c:
                    20:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:F9:44:BB:19:9D:6B:5A:A5:22:58:08:04:3D:2A:73:BA:0A:02:71
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b7d2d33f-dd78-4e1e-af2a-d79c01c8402b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  50.18.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         bc:70:b7:bd:d9:57:84:bd:0b:63:67:75:98:8f:f1:a5:80:9f:
         2e:63:54:8b:3d:ed:fa:fb:28:d6:15:ce:fa:6f:f1:6d:00:fb:
         7e:22:1c:bc:ae:2a:30:0f:cd:ce:1b:42:21:80:63:70:dd:c3:
         b5:99:9b:8b:ff:d8:45:c6:a8:2e:84:95:0f:5d:6a:40:54:09:
         05:69:08:1c:c4:93:e7:f8:c0:4f:d2:13:e5:f3:b7:c0:48:fa:
         81:3f:7c:db:78:2a:dc:8a:a2:f1:be:9f:b9:49:16:be:0a:9b:
         35:1d:f2:1c:a5:f4:6b:55:41:64:c8:c4:9c:50:de:d5:82:2f:
         0f:97:ca:41:f1:99:2f:64:7c:c7:9e:a9:89:ed:b1:ce:13:67:
         46:e5:a7:52:c9:e7:4a:01:a1:d1:2f:20:9f:e9:3d:10:ba:f3:
         44:a1:aa:7e:76:cf:ec:b1:41:5d:9b:14:c3:b9:fd:ed:14:60:
         64:5d:df:30:d3:33:39:ad:67:a0:65:36:41:72:0e:e9:e9:4b:
         5a:a9:24:18:f7:fe:6f:0c:74:9c:71:eb:5d:da:cd:66:4c:c4:
         e0:b8:2a:8a:8d:43:59:03:e1:84:89:14:f3:40:ba:0e:47:cf:
         f1:27:93:ea:73:cb:e3:90:8d:da:26:33:2b:56:30:7a:0d:e9:
         38:0f:38:8b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVs7RfbsBouxPGb4qzK08jrCNzHswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI3MDAwMDAwWhcNMjUwMzAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzNjk1MGRhMTRlOTUyNDIzNTdmNzgyOTljNDI4Y2RhYjcy
MDE0ZjM1ZTVkYzQ4OTAwOGYyM2ViNmNmMTFkMjlmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDWrdJZpHQRrJc7smpG7VKNqv/FNx9c/2l7zvf0MTjWGS6I
7KnTkpxGUQVPFqNDFQolgnB/lqbhd6giH7FKruWSJVMRWA996mKuEMdtOVn1Y5Vw
d3uFbJuzyLQ22V8yIF+lXhzqt2Lfvr/AnPMizYCglG7dSfRAH911uYgbkvSfF9l+
q/GuXs9SDV18JW4clleRAPNrOB5h+mMGyOxkRKW1c1lrq5jNy732pE7bMsTNHjEc
TCtrZMDi3vXDkHk4ZiW8Q4axFLrWwcZb/wJnpdd9limzwuuIpcaMzifegXj1p5Ju
D5MM/h8cku5C5p6QpNQQh3Ub5dJqb5jwrwKAfCDlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7/lEuxmda1qlIlgIBD0qc7oKAnEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I3ZDJkMzNmLWRkNzgtNGUxZS1hZjJhLWQ3OWMwMWM4NDAyYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMyEiAwDQYJKoZIhvcNAQELBQADggEBALxwt73ZV4S9C2NndZiP8aWAny5j
VIs97fr7KNYVzvpv8W0A+34iHLyuKjAPzc4bQiGAY3Ddw7WZm4v/2EXGqC6ElQ9d
akBUCQVpCBzEk+f4wE/SE+Xzt8BI+oE/fNt4KtyKovG+n7lJFr4KmzUd8hyl9GtV
QWTIxJxQ3tWCLw+XykHxmS9kfMeeqYntsc4TZ0blp1LJ50oBodEvIJ/pPRC680Sh
qn52z+yxQV2bFMO5/e0UYGRd3zDTMzmtZ6BlNkFyDunpS1qpJBj3/m8MdJxx613a
zWZMxOC4KoqNQ1kD4YSJFPNAug5Hz/Enk+pzy+OQjdomMytWMHoN6TgPOIs=
-----END CERTIFICATE-----